Posted
by
timothy
on Thursday March 22, 2012 @04:26PM
from the filling-the-gaps-in-the-walls dept.

Diomidis Spinellis writes "We hear a lot about the adoption of open source software, but when I was asked to provide hard evidence there was little I could find. In a recent article we tried to fill this gap by examining the type of software the U.S. Fortune 1000 companies use in their web-facing operations. Our study shows that the adoption of OSS in large U.S. companies is significant and is increasing over time through a low-churn transition, advancing from applications to platforms, and influenced by network effects. The adoption is likelier in larger organizations and is associated with IT and knowledge-intensive work, operating efficiencies, and less productive employees. Yet, the results were not what I was expecting."

Part of their results are based on what they host their company websites on. I don't know about the top 1000. But when I worked at an ISP, several large clients that colo-ed several racks of equipment from us hosted their website on our hosted servers. If a company website doesn't do anything interactive besides send an email to someone in sales or marketing then thats probably what said company does.

Also, its really more interesting what the internal systems in a corporation are running, not the company website, which is usually not handled by IT.

In my experience most specialist corporate software consists of Microsoft Office macros written in Visual Basic. Standard letters, reports, budgets,... Companies just cannot switch over to LibreOffice and this is the reason. Office macros may not seem like much and aren't spectacular and might not even look particularly mission critical, but without them everyone effectively works an hour less and that you'll notice.

The truth is that "network effects" favor Linux as a form of Unix in the server room and disfavors anything that isn't Windows any where else. However, the market in general has been moving more towards platform agnostic application development platforms in recent years.

Most companies are afraid to derive products from projects with GPL license, in fear that they will have to share all their code (even unrelated) with customers, and that exact obligation from license is unclear, and might change in court.

Now, article seems to be more about using SW tools developed with GPL license; not developing their own products from GPL components. That is lesser issue.

Most companies are afraid to derive products from projects with GPL license, in fear that they will have to share all their code (even unrelated) with customers, and that exact obligation from license is unclear, and might change in court.

Can't say I've ever encountered that. I doubt you can name names of companies you've experienced this with for confidentiality reasons but can you give some idea of the number of companies you're basing this off - and what sort of size / industries?

Apple. They went as far as writing their own CIFS implementation and their own C, Obj-C, and C++ compiler front ends to avoid the GPL(v3) and its restrictions. They then later opened the compiler front end in a more open way, so clearly this was not through a fear of FOSS, but through a fear of the GPL.

On a semantic note... the GPLv3 has no anti-patent-troll provision. Patent trolls are people who sue people with patents that they have no intention of ever using. They just have the patents to beat other people over the head with.

Clearly if you're releasing source under the GPLv3 that involves those patents you have an intention of using (and have already used) the patents. So, not anti patent troll, anti patent.

It's worse than that. Patent trolls have no operations other than developing or buying patents and making money off of licenses and infringement suits. As a result there is no way to counter sue for infringement because they don't do anything that might violate a patent.

Apple may have a bundle of dubious patents that they are being aggressive with, but at least they have operations which are vulnerable to the same tactics they are practicing.

They are both fine with building off of Free Software. They don't seem to have a pathalogical "right to exclude". Although I wonder about Oracle sometimes.

There are no relevant restrictions for Apple to worry about. Every relevant aspect of MacOS falls into the same category of "proprietary software built on to of free software" that any EA game ported to Linux does. Same goes for Oracle products.

You can trash MS all you want but their development IDE and related services are pretty good compared to the others I have used. MS has always offered good developer support. They cater to the developers to increase the likelihood of people creating more MS programs which in turn bolsters peoples reliance on the basic MS stack. Their original introduction of VB (with all it's short comings) made it much easier for people with limited experience to create applications. On the other hand Java based develope

I was just looking for some backup to the bold claim that development the Microsoft way was was significantly faster.

I like FOSS philosophy and FOSS stuff, but I'll happily admit that VB (6 was the version I used most) was a great GUI prototyping tool, and good for rapid development of general widgets and things. I just really disagree with the blanket statement that developing with MS stuff is 'usually faster', when what I think you mean is that *you* find it faster.

Their original introduction of VB (with all it's short comings) made it much easier for people with limited experience to create applications. On the other hand Java based developer support was much weaker at the same time.

Yes indeed. I remember clearly that Java's support for developers was abysmal in 1991.

I mistyped the date. I meant to type 1997. When the contest started Java (JBE) was being updated almost daily. CORBA integration was also a part of the testing to compare it against the COM/DCOM methodology. The evaluation was using pre-release Java (JBE) intended to provide early developer feedback to Sun in order to get 1.0 stabilized and released to the general population. At the time the documentation and API specs were incomplete or missing in action. The marketing at the time focused on the write-onc

It ultimately is the developer who makes the decision on which programming IDE to use based on what they are comfortable or proficient with. In mid to large sized IT environments developers tend to make their decisions based on their own biases and pay no attention to maintaining uniformity across the entire development environment. Too many developers have personalized software companies and are prejudiced against any tool the company offers without ever evaluating it's capabilities. The word "evil" tends

Perhaps, but those "great tools" are often in the hands of ass-scratchers who will royally screw things up several times before finally releasing (kinda) useable software. Just my experience from troubleshooting/maintaining countless in-house projects at three jobs.

What's nice about middle management is that they don't want to look under the hood. Knowing this, you can manipulate them to let you work on almost anything you want.

If I were trying to convince my old boss's boss about approving my open source project development I'd be talking about Microsoft's new move toward HTML5 standardization, features like resolution independence, forthcoming rumors about Windows 8 and new ERP developments. I'd describe the pricey Microsoft developer programs and conferences, and t

Most companies are afraid to derive products from projects with GPL license, in fear that they will have to share all their code (even unrelated) with customers, and that exact obligation from license is unclear, and might change in court.

Can't say I've ever encountered that. I doubt you can name names of companies you've experienced this with for confidentiality reasons but can you give some idea of the number of companies you're basing this off - and what sort of size / industries?

W/ one of my past employers who used to manufacture flash memory solutions, one of the groups we had in the company was a software support team there to enable customers implement our product in their applications. I once had a conversation w/ the guy heading that group regarding a suite available to help kickstart a major company product we were launching. In course of the conversation, he mentioned that we would be willing to work w/ whatever license the customer wanted, and specifically mentioned that

Nope, not true. Big companies know how to develop with the GPL, and software engineers go through required training to ensure they understand what must be GPL, and what can be proprietary. The problem, I think, is that the scope of the search was "web facing" operations. I see an awful lot of GPL in large Fortune 100 companies in firmware development, and I've worked for 3 of them.

What doesn't happen a lot is that the GPL changes get incorporated into mainstream releases. Not so much because the companies hoard it (the opposite, they're petrified of lawsuits), but because the kinds of software development that occur in commercial enterprise does not necessarily produce good code that you'd want to incorporate in your OSS project.

Yup. We have a range of successful products based on Linux with all sorts of packages under GPL and other licenses. Our legal department keeps track of all licenses and we all know that if/when we introduce a new piece of external code we'd better document where it's from and what license it comes under. They're prepared to send out CDs if anybody asks for a batch of sources for the GPL licensed parts but that has never happened AFAIK.

I've worked for Sun Microsystems and, more recently, Xerox on and with FOSS.

If you buy an A3 Xerox copier, it'll be running Linux (WindRiver) on PowerPC processors. Most of the software is written in C and C++. The colour GUI is written in Java and uses an X server. The informational videos (paper jams) are done using ogg theora. I can't remember which web server us used, but as much of the stack as possible is FOSS for licensing costs and for ease development.

If you didn't receive the binaries from some company, they are under no obligation to provide you with anything. And if you did receive the binaries, then they must tell you how to get the source code.

Google is a great OSS supporter except for the fact they never contribute any of the code use in their current applications. Their main OS is supposedly Linux but they have made so many proprietary changes that it almost makes describing it as Linux seem like false advertising. Goggle designs and builds their own CPUs so I imagine the OS and other related code that takes advantage of these proprietary CPUs looks nothing like the code they release back to the community. No for profit company is going to rele

Hm. Can't say that about the company I am working for. Their main product lines base on Linux, the additional application servers are either based on Windows Server or Linux, depending on the particular developer group. And this is a $2.5 billion per year revenue company we are talking about.

The patent part has nothing to do with doing something with open source or not. If open source has feature X but you choose to implement feature X yourself and feature X turns out to be patented, you infringe too.

First is internal use of the code as-is. Most companies do not have a problem with this.

Second is use of GPL code in a product. Lawyers are going to be involved in the release of products anyway, so licenses will be scrutinized and blessed. Companies using GPL code in a product are aware of the obligation to release the source, and can decide whether or not to build on GPL code based on that requirement. Again, not a big deal, because the requirement i

-we use apache/resin to serve our Java clients -Apache and resin do run on windows you know.

-however, our big workload on the backend is the realtime financial markets data that we have to turn around with minimal latency to the tune of up to 10 million messages/second, 22 billion messages per DAY. We are doing this on 8-core Win2003 boxes, but could probably last another year or 2 on the same hw by switching to Linux and have Linux pilots running on both medium iron (IBM Linux variant) and the midrange servers (OpenSUSE).

Printshop?!? You mean publishing software never owned by either Apple or MS? Flux? The only Apple product you listed was iWork and it isn't even a significant revenue stream for Apple. This entire argument seems idiotic, as companies like Apple do create and contribute to OSS all the time (Webkit anyone?). Apple mainly uses software and services as ways to motivate people to buy hardware. If you want to hurt their bottom line, use all their software and none of their hardware.

that there is no training. There IS training for FOSS products available, but you may have to actually look for it... of course, the MS reps and shills deny it.
Redpill Linpro here makes money giving FOSS courses in several cities. The ad supplements to the IT journals carry course schedules. And no, the courses are not free, similar price per day as other computer courses.

Getting any OSS software certified for use in the corporate environment is a mostly pointless activity where I work.

Corporate IT has in talks with the legal department banned ALL open source software from the network due to "unclear legality of corporate use of software". Since there is no vendor to guarantee that the software is legal and take the hit if it turns out to NOT be legal, they wont go for it.

No amount of lobbying will help us get access to what we want to use. There is almost -always- a commercial vendor which will sell a similar product and the people who make the decisions are so far away from the people using the software that they'll go with the vendor options.

Hell... The head of IT has actually come out and plainly said that usage of firefox on the corporate network was a huge breach of security and could 'endanger the entire company infrastructure'... This was a time when we were still using IE6 while the rest of the world was up at 8 and moving to 9...

If only it was possible to get some of the free options adopted more widely... and if only the corporate lawyer asshats would get educated on the legality.....

Since there is no vendor to guarantee that the software is legal and take the hit if it turns out to NOT be legal, they wont go for it.

Yeah, that sounds like a good heuristic... wait, what?

There are some pretty big open source companies. IBM, RedHat, Google, etc. Conversely, there are plenty of little proprietary software companies that could die off and blow away by the end of the year.

On top of that, since when do proprietary software companies offer to indemnify their customers anyway? Do you see anything like that in the license for Office or Photoshop?

It has very little to do with logic. If they were logical you could argue with them after all.

There are quite a few things I could use in my daily work that I cannot.

* Paint.net, I have to use Photoshop which is quite pricy for the simplistic stuff I do.* SVN, To actually keep track of what I code and change. I make small apps for coworkers to ease repetitive tasks a bit. Instead I get to zip down the code with a Scheduled Task every 8 hours and dump it onto a usb-drive... sigh* A myriad of command line too

My company uses Firefox as its default browser. And they are extremely anal-retentive about security (you can't insert a USB or floppy without IT taking it & scanning it to make sure you didn't steal anything). Apparently they think open-source is safe.

Because it is. As long as it's from a known-safe source (and Netscape/Mozilla certainly fits the bill). Your IT guy is just a brainwashed Microsoft lackey if he thought IE6 was safer than Firefox 4. Similar to that teacher who flipped-out & punis

I've had similar experiences. Though for something as mundane as a web browser, it's not nearly as big a deal, as we can officially stick to IE-only support for our internal pages. But for production systems, we need vendors that are willing to sign away our liability. It's a lawsuit issue through and through.

Doing away with software patents would cut the bureaucratic crap by half, but there's still the other half.

I think this is the best way to convert people to OSS. Start slowly by showing them how can run free, non-Microsoft, non-Apple software. Then after a year or two, transition them to Linux.

What i've found hard is answering the question of 'why'. For the average user who is currently using Windows or OSX i've never been able to make a compelling argument for them to transition to Linux, sure it's free but the cost of the OS is negligible when they purchase their machine so that's no incentive. It's great to hack around with the source code, but most people who just use computers have no interest in that.At the application level it makes sense if they are making a purchasing decision, don't wan

We don't often use open source products directly, instead we use tools supported by 3rd parties that are built on them...

For example:Firewalls are based on BSD but since BSD licensing allows it they are closed systems forked form BSD a long time ago.Our firewall management platform runs on Linux and contains many open source packages, you even have the option of running the management tool on your own linux but we don't, we purchased a rack-able appliance that is maintained as a whole. We get "releases" that update the whole app, server services and kernel as a working supported package..

Our ANTI spam package runs on linux and is based on spam assassin at the lowest level, however again, we purchase a racked supported appliance that gets frequent updates so we don't waste time trying to piece together all the little things.

Hell even our desk phones run linux under neath but do I care? no I wan a phone that just works, so I never touch the open source part..

If you are doing a survey on open source and you are looking at desktop apps and web-servers in an Enterprise, you are missing the open source software right under your nose.

"Open source software is often less polished than its proprietary alternatives; version proliferation and poor usability are two often-reported problems [Nichols and Twidale, 2003,Krishnamurthy, 2005,Viorres et al., 2007]. Highly-paid employees, like knowledge workers, may argue that the fit of the OSS [Thompson et al., 1991], the service quality it offers [DeLone and McLean, 2003], or the perceived behavioral control they have over it [Ajzen, 1991] is worse than that of its proprietary alternative. The key factors for resisting such change can be classified into people-oriented, system-oriented, and interaction theories [Jiang et al., 2000]. As the cost of the software used by highly productive workers forms a small percentage of their total employment cost and the software's quality reflects a lot on their productivity, spending on industry-standard proprietary software may be a rational decision. Consequently, we could expect that the relative advantage of OSS viewed as an innovation [Moore and Benbasat, 1991,Rogers, 2003] will be marginal. As an example, traders with seven figure incomes are unlikely to skimp on the operating system running on their PCs.

--> "Conversely, in Fortune 1000 companies with numerous but less productive employees adoption of cheaper though less polished OSS can offer significant cost advantages, and therefore management can easier mandate its use. For instance, we can easily imagine the cost savings associated with thousands of service desks running Linux and the Thunderbird mail client."

The rules of academic publishing are that you have to cite relevant related work. This includes both fresh results and old classics. Where possible, we tried to cite the most recent studies. Some studies that are appear dated indicate a research opportunity to update the corresponding area. Also, it would be wrong to dismiss a paper because of its age. Some of the older studies we cite present theoretical frameworks of enduring value and importance, demonstrated by the thousands of citations they have rec

False. First I was asking directly about the reports and why they are cited.Second, open source has a huge advantage of making people more efficient. Lets take a frim I have been consulting with as an example:First meeting of the day was about licensing. We had 10 people in a room to discuss what licenses are in use, which ones are going away, and what we need to plan to spend next year. Many other people spent the last week gathering information, creating charts, and writing reports for this meeting. Lost productivity: about 120 hours * 15 people. Next, we worked on trying to mitigate upgrades that two vendors are requiring, leaving them with an unusable system, 4 people assigned full time for the last year. Add in the fact that the closed source vendor has a bug in their software, and our million dollar support contract doesnt cover vendor bugs if they are to fixed in some upcoming version, the ticket is closed and we can suck it. They cant go anywhere else easily, they are locked in nice and tight, the data cant get out and they have convinced management that training is always more costly then change. Next we review how two other offices have reduced thier support labor from 20 people / 200 desks down to 2 per 500 desks using Linux thin clients and open source apps. The users are more productive as the apps are tailored to their workflow, not some clump of apps slapped onto Windows like their counterparts.

So closed source apps and proprietary data formats are the big labor wasters.

You have a point here. And you haven't mentioned the huge cost associated with procurement processes for proprietary software, especially in the public sector. These can drag on for months. In contrast, acquiring an open-source product is often simply a matter of a one-click download. Even if the organization's legal has trouble understanding open source licenses, this is a hurdle you have to overcome just once.

How is this surprising? Highly paid knowledge workers are under heavy demand to perform. Their entire job can be measured in hours of "non-productive" time, which would include learning a new workflow process (Linux desktop and software) so they can do the job that they are already doing quite well. If some tool written under windows is the tool they need, then they get that tool on the latest version. Not giving it to them means the inflow of money stops.

ANY changes are a problem in this respect. It's not just limited to Linux. Merely upgrading to the newest version of Windows or Office will pose the same challenges. It's been this way since the early 90s.

Dealing with the "market leader products" is not free. Upgrading and maintaining them is not free. Never has been.

Most trading companies have huge numbers of Linux servers feeding data to high end trader desktops. I suspect that many of the quants have both Linux systems for work, and Windows for bureaucracy.(email, expenses, etc.). Regular institutional traders use tons of open source software, but likely don't realize it. Sure, the desktop OS is likely Windows, the office suite is likely MS Office, but the browser is Chrome/Firefox. There is also all the stuff on the back end. If the database isn't open source, it is still more likely to be running on Linux than Windows (Db2 and Oracle), with the exception of MSSQL. Web servers, internal and external are more likely to be Nginex or Apache than IIS or other proprietary offerings. Commercial application servers have a small market share compared to open source ones. I can go on, but open source software is already heavily adopted by most large corporations. You won't see it on the desktop extensively, but it is there.

As an example, traders with seven figure incomes are unlikely to skimp on the operating system running on their PCs.

Traders with seven figure incomes don't select the OS and apps running on their desktop. That's what the IT department is for. And when selecting a system for their seven figure income trader, cost is much less of an issue than for the call center employee. Just buy them the newest, shiniest rig at the PC shop. And if it quits, just buy a brand new one and scrap last year's model. At call centers, someone is counting every nickel.

One more point: Some of those citations are pretty old (1991). Things have ch

The biggest obstacle to using OSS in seriously large corporations is support. I'm a lead architect on a seriously big project for a global scale logistics company right now. We use CouchDB, HudsonCI, Membase, EhCache and some other OSS stuff. Its used as core infrastructure on a global deployment to over 100 countries, supporting the entire platform, and handling in the tens-of-millions of messages per day - and I can say from bitter experience that while most managers will buy into the use of this

I'll have to admit that some smaller businesses have been screwed over by low bidder vendors. Some are fly-by-night operators. They set up your office cheap without telling you that support is a separate item. And then they disappear.

An honest vendor will set your system up and explain the support issues to you. Often times, its not much different from proprietary system support. If you really want 24/7 fast response, its going to cost you no matter where you got your stuff. Even Geek Squad home visits to

Most decision makers in DN, DA, DAF run to the hand-holders [AKA: Proprietary Software Marketeers (PSM)], because DD components are dominated by highly certified and very poorly qualified technology-project managers. One project a colleague brought in to the company was promoted and supported by the government worker-bees and pack-mules, but after 12+ months of unsuccessful requesting/pleading for ".mil" domain dev/test and production environments... The PSM came in to save the day and help produce a mon

Oh, puh-lease with the "free data" thing. Ever closed source application I've ever used has import/export features. I've never not been able to get to data under any circumstances. This idea that data is inaccessible outside of a proprietary app is a straw man argument.

That's a far cry from your data being in natively portable formats without any special effort being required by any time. The moment you declared "but I am able to export it", someone will chime in that such a thing is "too much of a bother". That's assuming that the exported result is complete and accurate.

Chances are that such a version will be declared inferior and the cycle of "you really need to use monopoly tool X" starts all over again.

The company that I work for is thinking of moving off of MS Office because their license is expiring soon and moving towards LibreOffice and Thunderbird. I have been doing the testing for our company trying to work all the "bugs" out and seeing how difficult the migration will be. Now, the company I work for is not very big, just under 50 employees, but it is still a company none the less.

I have been working on the same thing for a company I help out.. Make sure you check out zarafa (www.zarafa.com)... It is very, very slick...Also,http://www.zentyal.org/ [zentyal.org] is a great project. Integrated tools, based on Ubuntu Long Term Server.. includes a Samba PDC and file server, LDAP, chat, zarafa, etc. There is also VPN, and internet gateway tools as well.. Pretty slick tool for quick to get started.

My small company runs a webserver on Ubuntu, we have an internet facing exchange server, and an SSL VPN appliance.

Internally we have 30 or so windows/mac servers.

Externally it appears that we are using lots of open source software, but internally we are using practically none. Still, 10 years ago we were using no open source software, so OSS use is growing - at least at my company.

Businesses don't care much about software freedom in the sense of the FSF, but they do enjoy using open source projects or languages, provided that they increase workflow and make things more productive.

The difference can be found at fsf.org, in te "words to avoid" section, I believe.

Basically don't worry about it too much, since most businesses still have a stigma against OSS and FOSS products, even if they are unfounded.